Free Malware Removal Forum


I have had a malware/phishing virus on my comp for a while now. I cannot get rid of it no matter what I or my tech friends do. I have performed a full re-install but it hid out somewhere. I have tried to remove it to no avail.

Name: CAPTUR~4.EXE (2 appear in task manager, if you try to end the process there it multiplies)

Found in folder: C/Windows/Prefetch

My name is peku006 and I will be helping you to remove any infection(s) that you may have. I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

If you don't know or understand something, please don't hesitate to ask.

Please DO NOT run any other tools or scans whilst I am helping you.

It is important that you reply to this thread. Do not start a new topic.

If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.

Run Gmer again and click on the Rootkit tab.

Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.

Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".

Click on the "Scan" button and wait for the scan to finish.

Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.

[ Application Events ]

Error - 7/17/2010 1:44:59 PM | Computer Name = MAGICBOX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 7/17/2010 1:44:59 PM | Computer Name = MAGICBOX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


When the installation begins, follow the prompts and do not make any changes to default settings.

When installation has finished, make sure you leave both of these checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself.

Press the OK button to close that box and continue.

Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.

On the Scanner tab:

Make sure the "Perform full scan" option is selected.

Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.

Check all items except items in the C:\System Volume Information folder... then click on Remove Selected. We will take care of the System Volume Information items later.

When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
